US8522347B2 - Real-time network updates for malicious content - Google Patents
Real-time network updates for malicious content Download PDFInfo
- Publication number
- US8522347B2 US8522347B2 US12/661,470 US66147010A US8522347B2 US 8522347 B2 US8522347 B2 US 8522347B2 US 66147010 A US66147010 A US 66147010A US 8522347 B2 US8522347 B2 US 8522347B2
- Authority
- US
- United States
- Prior art keywords
- reputation
- thumbprints
- constituent components
- data center
- transmitted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/04—Real-time or near real-time messaging, e.g. instant messaging [IM]
Definitions
- the present invention generally relates to network security.
- the present invention more specifically relates to the intelligent and real-time response to malicious content threats in a global network.
- the increased number of users is indicative of a populace that has become increasingly reliant on network communications and resources.
- This increased reliance corresponds to a shift in the presence of sensitive information on network infrastructures.
- the growth in users, sensitive information, and potential threats coupled with the need to isolate threats at time-zero before they can infect or affect a network or networks requires a system with increased speed and scalability and that can operate on a global scale.
- a first claimed embodiment is for a system for delivery of a message over a network.
- a second claimed embodiment is for a system for receiving and providing real-time network updates for malicious content.
- a third claimed embodiment is for a method for establishing the reputation of message components.
- a fourth claimed embodiment is for a method for characterizing messages using real-time updates received from a network data center.
- FIG. 1 illustrates a system for delivery of a message over a network.
- FIG. 2 illustrates a system for receiving and providing real-time network updates for malicious content.
- FIG. 3 illustrates a method for establishing the reputation of message components.
- FIG. 4 illustrates a method for characterizing messages using real-time updates received from a network data center.
- Embodiments of the present invention allow for a global response network to collect, analyze, and distribute “cross-vector” threat-related information between security systems to allow for an intelligent, collaborative, and comprehensive real-time response.
- FIG. 1 illustrates a system 100 for delivery of a message over a network.
- a message forwarding device 110 may be implemented in the context of a mail server or other gateway device.
- the message forwarding device 110 exchanges messages over one or more communications networks 120 using one or more network interfaces 130 .
- Network 120 may be a wide area network (WAN) such as the global Internet or a local area network (LAN), which may be secured.
- WAN wide area network
- LAN local area network
- Message forwarding device 110 may be further implemented in the context of or behind a firewall (not shown).
- Message forwarding device 110 executes program(s) stored in memory by means of a processor to effectuate the forwarding of messages ( 140 A . . . D) received over networks 120 at network interface 130 .
- a message might be forwarded to a user client device ( 150 A . . . C), a mail server or gateway, or some other network device depending upon the particular configuration of the message forward device 110 relative one or more networks 120 .
- Messages 140 received at message forwarding device 110 may include malicious content (e.g., 140 D) such as a virus, worm, or some other item that can cause unwanted behavior on a user device 150 or in networks 120 .
- message forwarding device 110 may include a malicious content detection mechanism 160 .
- Malicious content detection mechanism 160 may implement any of the various detection techniques and methodologies disclosed in co-pending U.S. patent application Ser. No. 11/156,372 filed Jun. 16, 2005 and entitled “Time Zero Detection of Infectious Messages” and U.S. patent application Ser. No. 11/156,373 filed Jun. 16, 2005 and entitled “Managing Infectious Messages as Identified by an Attachment.” These techniques include, but are not limited to, signature matching tests, file names tests, character tests, but pattern tests, N-gram tests, bit pattern tests, and probabilistic finite state automata tests. Information related to or required to properly execute these tests may be acquired from the network data center 210 of system 200 and addressed in the context of FIG. 2 below.
- Detection mechanism 160 may be implemented as software stored in memory of device 110 and executable by a processor. Mechanism 160 may alternatively be implemented as firmware or a specialized hardware component communicatively coupled to device 110 . In some instances, mechanism 160 may be implemented in a separate network component that communicates with device 110 over network 120 . Malicious content detection mechanism 160 could, therefore, be implemented at a user client device 150 .
- Networks are particularly vulnerable during the time window between the first appearance of malicious content (e.g., a virus) and the deployment of information related to indentifying and subsequently quarantining or destroying the virus.
- This time window is sometimes referred to a “time zero” or “day zero.”
- This period of vulnerability applies to not only the initial appearance of a virus or some other form of malicious content, but re-emergence of a subsequent iteration of the virus that may have mutated rendering previous information concerning identification, quarantine, and destruction obsolete or ineffective.
- malicious content detection mechanism 160 should remain up to date with respect to information indicative of the most recent iterations of malicious content. If malicious content detection mechanism 160 has the most up to date information concerning malicious content, then message forwarding device 110 can prevent the introduction of malicious content received over the Internet into a more secure environment such as a corporate intranet. Having access to the most up to date information, too, may prevent a user from contributing to the spread of the malicious content within the secure network or to the network of another entity by preventing the transmission of ‘infected’ messages.
- Malicious content detection mechanism 160 may similarly operate as a line of first defense in identifying the emergence of new malicious content threats. For example, a message with an executable file may be received at a message forwarding device 110 in a secure network. A user may inadvertently execute the file and cause some unwanted result on their personal computing device 150 if not the greater private network. Regardless of the scope of damage, the existence of this new threat may be identified and logged by the malicious content detection mechanism 160 and reported to a network data center 210 like that illustrated in the system 200 of FIG. 2 .
- FIG. 2 illustrates a system 200 for receiving and providing real-time network updates for malicious content.
- System 200 as illustrated in FIG. 2 includes a network data center 210 , a desktop application 220 , enterprise e-mail appliance 230 , and various real-time data feeds 240 . While a single desktop application 220 and enterprise appliance 230 are illustrated in the context of FIG. 2 , any number of applications or appliances may be a part of system 200 and contribute data utilized by data center 210 to provide real-time network updates.
- Network data center 210 utilizes collaborative filtering to create reputation scores for vector components.
- network data center 210 aggregates data from numerous sources in order to identify threats and to collaboratively define suspected vector components that should be blocked or filtered.
- network data center 210 receives data and information from the desktop application 220 and the enterprise appliance 230 , which are each running an implementation of malicious content detection mechanism 160 as described in the context of FIG. 1 .
- Network data center 210 may acquire this information through regularly scheduled queries or polling.
- Network data center 210 may also acquire this information as a part of a real-time probe made to gather immediate and the most up to date information concerning new malicious content threats.
- Network data center 210 may also acquire this information from data feeds 240 in real-time or as a part of regularly scheduled query operation.
- Desktop application 220 and enterprise appliance 230 may also provide information to network data center 210 as a part of a push operation. Batches of data concerning malicious content gathered by the malicious content detection mechanism 160 at these applications and devices may be delivered to the network data center 210 on a regularly scheduled push operation.
- the real-time data feeds 240 may include honey pots ( 245 ).
- Honey pots are domains that receive a significant amount of unsolicited messages and malicious content. These domains may be harvested whereby all the malicious content is harvested, thumb printed, and reported in order to maintain a more robust catalog of malicious content that may be reported to local clients or mail appliances.
- Real-time data feeds 240 may also includes information from real-time blacklist providers (RBLs) ( 250 ).
- RBLs real-time blacklist providers
- a DNS-based black hole list provided by an RBL is a list of IP addresses published throughout the Internet Domain Names Service in a particular format. DNSBLs are used to publish the address of computers or networks related to spamming. Most mail servers can be configured to reject or flag messages sent from a site listed in a DNSBL.
- Real-time data feeds 240 can also include rating analytic information ( 255 ) generated by an entity such SonicWALL, Inc. of San Jose, Calif.
- SonicWALL's SonicLabs program employs a team of specialized rating analysts that review sequencing results and vet data on multiple levels. This vetting adds an additional layer of checks-and-balances to characterization of content.
- DHA directory harvest attack
- a DHA involves messages that are sent to non-existent recipients. For example, a spammer may simply run a randomized dictionary application that creates a number of user name permutations for a given domain. Message sent to non-existent mail recipients may be identified as malicious because they are most likely a part of a DHA. DHA type messages are most likely spam. If there is a spike in messages that have been labeled as possible DHAs, then the likelihood that such a message is spam or is otherwise malicious only further increases.
- Network data center 210 and malicious content detection mechanism 160 may implement cross-vector protection whereby various threats are grouped by vectors corresponding to a particular port which suspect traffic might breach a network perimeter. For example, traffic over Port 25 might related to the e-mail vector where as traffic over Port 80 might relate to the Web vector. In such an instance, an incoming electronic mail message might include a URL that causes the message to be deemed suspicious. By utilizing a cross-vector approach, access to the message might be blocked on Port 25 (i.e., the e-mail vector) whereas access to the URL that caused the message to be deemed suspicious is simultaneously blocked on Port 80 (i.e., the Web vector).
- Each component of any given vector can receive independent analysis and filtering.
- a single e-mail message might be broken down into several components such as a sender Internet Protocol (IP) address, content of the text of the message, structure of the message, links (i.e., URLs) in the message, file attachments, and embedded images. Any of these components might individually be a recognized as a threat, the presence of which might cause a message to subsequently have a “good” or “bad” reputation as a result of the aforementioned collaborative filtering.
- IP Internet Protocol
- FIG. 3 illustrates a method 300 for establishing the reputation of message components.
- the reputation of components from a particular e-mail message may be determined through the compilation and weighting of junk and unjunk “votes.”
- each component may be encrypted using a non-reversible hash process to create a “thumbprint” of that component ( 320 ).
- thumbprints not the original component data itself—are then sent to the data center 210 at step 330 with a corresponding reputation of ‘good’ or ‘bad.’
- the data is then tabulated in real time at the network data center 210 at step 340 . Transmissions of data may be encoded over HTTPS, using the DES/AES encryption of the browser.
- System 200 may implement certain measures to prevent spammers or other unscrupulous third-parties from skewing a characterization of content, which may not necessarily be malicious but simply annoying (e.g., unsolicited commercial offers).
- each malicious content detection mechanism 160 at a corresponding network device e.g., the desktop application 220 or enterprise appliance 230
- a corresponding network device e.g., the desktop application 220 or enterprise appliance 230
- a single ‘vote’ per ‘thumbprint’ per day For example, if the same URL is determined to be bad by an anti-spam desktop application 210 user in New York and another anti-spam desktop 210 user in Beijing, each user is anonymously allowed a single individual vote.
- FIG. 4 illustrates a method 400 for characterizing messages using real-time updates received from the network data center 210 .
- the message is broken down into its component parts (thumbprints) (step 420 ).
- the reputation of each component is determined using information from the data center 210 at step 430 .
- Information from the data center 210 has been pushed to the malicious content detection mechanism 160 on a regularly scheduled basis (e.g., every five minutes as part of step 360 ) or received in response to a direct query by the malicious content detection mechanism 160 .
- the e-mail may be identified as having a reputation of junk (step 450 ) and processed accordingly (step 460 ), which may include quarantining or deletion of the message.
- Information concerning processing of the message in step 460 may be reported back to the network data center 210 in optional step 470 .
- Collaborative filtering provides for a self-correcting human element.
- the data center 210 may recognize that a particular IP address has transmitted a spam e-mail.
- the sender of the e-mail from that IP address may be known to be legitimate and have a good reputation.
- a broader statistical sample is established, and a more accurate reputation score can be determined. This comprehensive vetting process can be applied to all thumbprint types.
- the network data center 210 of FIG. 2 operates with respect to not only spam messages, but virus-related information and malware.
- Information related to viruses and malware may be generated in a similar fashion as spam thumbprints.
- Information may also be acquired through the receipt of continual updates from anti-virus specialists such as McAfee or and Kaspersky Labs.
- Embodiments of the presently disclosed invention may implement deep packet inspection (DPI).
- DPI deep packet inspection
- Embodiments of the presently disclosed invention may also use signatures, which differ from thumbprints as signatures are based on pattern matching. For example, a particular string of information such as a byte string or binary string (or any other string of data) might be followed by a subsequent string, which might (in turn) be followed by yet another string. This pattern of strings may be indicative of a particular type of malicious content. Use of pattern matching and signatures may be particularly useful in the context of a file being streamed through an appliance. Signatures are particular to data within a file. These signatures may be based on pattern recognition, heuristics, file analysis, or behavioral analysis.
- Thumbprints are a hash or some other unique identifier of the file or portions of the file.
- a thumbprint differs from a signature in that a particular file might correspond to a signature for a particular type of malicious content.
- the signature of the file might different notwithstanding the fact that an identical signature is otherwise present. For example, three particular byte strings might correspond to a particular signature. Data interspersed in that signature, however, might result in a different thumbprint.
- Thumbprints need not be taken with respect to the entirety of a file and may be applied against particular portions of a file. Thumbprints may be taken with respect to IP addresses, images, content in a message body, content, URLs, and contacts points such as phone numbers, email addresses and URLs.
- Various embodiments of the presently disclosed invention may include memory, network interfaces, processors, internal bus, and other hardware and/or software as may be utilized by one of skill in the art. Certain methods may be implemented in software.
- a computer-readable storage medium such as memory, hard drive, flash drive, or some other non-transitory storage medium may be utilized to store those instructions, which are (in turn) accessible to a processor or processors for execution. In some instances, those instructions may be embodied as microcode and implemented in the context of an application specific integrated circuit.
- the network data center may maintain thumbprints of legitimate content.
- a particular message thumbprint may see a spike in traffic around the world. This may, however, be the result of a company-wide newsletter being sent from human resources to every member of every office of a company with 20 offices worldwide, each office having more than 100 employees.
- the existence of legitimate message spikes may be presented to clients and appliances in order to ensure that such messages are not incorrectly excluded from delivery to an end user.
Abstract
Description
Claims (18)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/661,470 US8522347B2 (en) | 2009-03-16 | 2010-03-16 | Real-time network updates for malicious content |
US13/967,210 US9077671B2 (en) | 2005-06-16 | 2013-08-14 | Real-time network updates for malicious content |
US14/793,683 US9672359B2 (en) | 2005-06-16 | 2015-07-07 | Real-time network updates for malicious content |
US15/590,897 US10089466B2 (en) | 2009-03-16 | 2017-05-09 | Real-time network updates for malicious content |
US16/143,207 US10878092B2 (en) | 2009-03-16 | 2018-09-26 | Real-time network updates for malicious content |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16061309P | 2009-03-16 | 2009-03-16 | |
US12/661,470 US8522347B2 (en) | 2009-03-16 | 2010-03-16 | Real-time network updates for malicious content |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/967,210 Continuation US9077671B2 (en) | 2005-06-16 | 2013-08-14 | Real-time network updates for malicious content |
Publications (2)
Publication Number | Publication Date |
---|---|
US20110016527A1 US20110016527A1 (en) | 2011-01-20 |
US8522347B2 true US8522347B2 (en) | 2013-08-27 |
Family
ID=43466181
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/661,470 Active 2031-01-29 US8522347B2 (en) | 2005-06-16 | 2010-03-16 | Real-time network updates for malicious content |
US13/967,210 Active US9077671B2 (en) | 2005-06-16 | 2013-08-14 | Real-time network updates for malicious content |
US14/793,683 Expired - Fee Related US9672359B2 (en) | 2005-06-16 | 2015-07-07 | Real-time network updates for malicious content |
US15/590,897 Active US10089466B2 (en) | 2009-03-16 | 2017-05-09 | Real-time network updates for malicious content |
US16/143,207 Active US10878092B2 (en) | 2009-03-16 | 2018-09-26 | Real-time network updates for malicious content |
Family Applications After (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/967,210 Active US9077671B2 (en) | 2005-06-16 | 2013-08-14 | Real-time network updates for malicious content |
US14/793,683 Expired - Fee Related US9672359B2 (en) | 2005-06-16 | 2015-07-07 | Real-time network updates for malicious content |
US15/590,897 Active US10089466B2 (en) | 2009-03-16 | 2017-05-09 | Real-time network updates for malicious content |
US16/143,207 Active US10878092B2 (en) | 2009-03-16 | 2018-09-26 | Real-time network updates for malicious content |
Country Status (1)
Country | Link |
---|---|
US (5) | US8522347B2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130332552A1 (en) * | 2005-06-16 | 2013-12-12 | Sonicwall, Inc. | Real-time network updates for malicious content |
US11429716B2 (en) * | 2019-11-26 | 2022-08-30 | Sap Se | Collaborative application security |
US11882112B2 (en) | 2021-05-26 | 2024-01-23 | Bank Of America Corporation | Information security system and method for phishing threat prevention using tokens |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9514466B2 (en) * | 2009-11-16 | 2016-12-06 | Yahoo! Inc. | Collecting and presenting data including links from communications sent to or from a user |
US9058592B2 (en) * | 2011-04-28 | 2015-06-16 | Microsoft Technology Licensing, Llc | Reporting compromised email accounts |
US11458007B2 (en) * | 2012-08-10 | 2022-10-04 | W. L. Gore & Associates, Inc. | Devices and methods for limiting a depth of penetration for an anchor within an anatomy |
US9800589B1 (en) * | 2013-08-22 | 2017-10-24 | Sonus Networks, Inc. | Methods and apparatus for detecting malicious attacks |
US9509649B2 (en) * | 2014-08-27 | 2016-11-29 | Red Hat, Inc. | Providing centralized message notification |
EP3217309A4 (en) * | 2014-11-07 | 2018-07-04 | Suhjun Park | Protective system, device, and method for protecting electronic communication device |
US9553885B2 (en) * | 2015-06-08 | 2017-01-24 | Illusive Networks Ltd. | System and method for creation, deployment and management of augmented attacker map |
US10382484B2 (en) | 2015-06-08 | 2019-08-13 | Illusive Networks Ltd. | Detecting attackers who target containerized clusters |
CN105515830A (en) * | 2015-11-26 | 2016-04-20 | 广州酷狗计算机科技有限公司 | User management method and device |
US10333976B1 (en) | 2018-07-23 | 2019-06-25 | Illusive Networks Ltd. | Open source intelligence deceptions |
US10404747B1 (en) | 2018-07-24 | 2019-09-03 | Illusive Networks Ltd. | Detecting malicious activity by using endemic network hosts as decoys |
US10382483B1 (en) | 2018-08-02 | 2019-08-13 | Illusive Networks Ltd. | User-customized deceptions and their deployment in networks |
US10333977B1 (en) | 2018-08-23 | 2019-06-25 | Illusive Networks Ltd. | Deceiving an attacker who is harvesting credentials |
US10432665B1 (en) | 2018-09-03 | 2019-10-01 | Illusive Networks Ltd. | Creating, managing and deploying deceptions on mobile devices |
US11070632B2 (en) * | 2018-10-17 | 2021-07-20 | Servicenow, Inc. | Identifying computing devices in a managed network that are involved in blockchain-based mining |
US11882152B2 (en) | 2021-07-30 | 2024-01-23 | Bank Of America Corporation | Information security system and method for phishing website identification based on image hashing |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20050044418A1 (en) * | 2003-07-25 | 2005-02-24 | Gary Miliefsky | Proactive network security system to protect against hackers |
US20070078775A1 (en) * | 2005-09-14 | 2007-04-05 | Huapaya Luis M | System and method for preventing unauthorized use of digital works |
US20070107059A1 (en) * | 2004-12-21 | 2007-05-10 | Mxtn, Inc. | Trusted Communication Network |
US20070180526A1 (en) * | 2001-11-30 | 2007-08-02 | Lancope, Inc. | Flow-based detection of network intrusions |
US20070277238A1 (en) * | 2003-10-10 | 2007-11-29 | Aladdin Knowledge Systems Ltd. | Method And System For Preventing Exploitation Of Email Messages |
US7519998B2 (en) * | 2004-07-28 | 2009-04-14 | Los Alamos National Security, Llc | Detection of malicious computer executables |
US20090254529A1 (en) * | 2008-04-04 | 2009-10-08 | Lev Goldentouch | Systems, methods and computer program products for content management |
US7610344B2 (en) * | 2004-12-13 | 2009-10-27 | Microsoft Corporation | Sender reputations for spam prevention |
US7712132B1 (en) * | 2005-10-06 | 2010-05-04 | Ogilvie John W | Detecting surreptitious spyware |
US7779156B2 (en) * | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US7836133B2 (en) * | 2005-05-05 | 2010-11-16 | Ironport Systems, Inc. | Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources |
US7958555B1 (en) * | 2007-09-28 | 2011-06-07 | Trend Micro Incorporated | Protecting computer users from online frauds |
US8069213B2 (en) * | 2006-04-05 | 2011-11-29 | Ironport Systems, Inc. | Method of controlling access to network resources using information in electronic mail messages |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7845004B2 (en) | 2001-07-27 | 2010-11-30 | International Business Machines Corporation | Correlating network information and intrusion information to find the entry point of an attack upon a protected computer |
US7152105B2 (en) | 2002-01-15 | 2006-12-19 | Mcafee, Inc. | System and method for network vulnerability detection and reporting |
US20030212779A1 (en) | 2002-04-30 | 2003-11-13 | Boyter Brian A. | System and Method for Network Security Scanning |
US20060168006A1 (en) * | 2003-03-24 | 2006-07-27 | Mr. Marvin Shannon | System and method for the classification of electronic communication |
US20050060643A1 (en) * | 2003-08-25 | 2005-03-17 | Miavia, Inc. | Document similarity detection and classification system |
WO2006012216A2 (en) * | 2004-06-25 | 2006-02-02 | Passmark Security, Inc. | Method and apparatus for validating e-mail messages |
US20060168057A1 (en) * | 2004-10-06 | 2006-07-27 | Habeas, Inc. | Method and system for enhanced electronic mail processing |
US20060200487A1 (en) * | 2004-10-29 | 2006-09-07 | The Go Daddy Group, Inc. | Domain name related reputation and secure certificates |
US20150213131A1 (en) * | 2004-10-29 | 2015-07-30 | Go Daddy Operating Company, LLC | Domain name searching with reputation rating |
US20080028100A1 (en) * | 2004-10-29 | 2008-01-31 | The Go Daddy Group, Inc. | Tracking domain name related reputation |
US8117339B2 (en) * | 2004-10-29 | 2012-02-14 | Go Daddy Operating Company, LLC | Tracking domain name related reputation |
US8635690B2 (en) * | 2004-11-05 | 2014-01-21 | Mcafee, Inc. | Reputation based message processing |
US7562304B2 (en) * | 2005-05-03 | 2009-07-14 | Mcafee, Inc. | Indicating website reputations during website manipulation of user information |
US20060277259A1 (en) * | 2005-06-07 | 2006-12-07 | Microsoft Corporation | Distributed sender reputations |
US8522347B2 (en) | 2009-03-16 | 2013-08-27 | Sonicwall, Inc. | Real-time network updates for malicious content |
US7702107B1 (en) * | 2005-07-27 | 2010-04-20 | Messing John H | Server-based encrypted messaging method and apparatus |
US7945627B1 (en) * | 2006-09-28 | 2011-05-17 | Bitdefender IPR Management Ltd. | Layout-based electronic communication filtering systems and methods |
US20080208980A1 (en) * | 2007-02-26 | 2008-08-28 | Michael Ruarri Champan | Email aggregation system with supplemental processing information addition/removal and related methods |
US8103727B2 (en) * | 2007-08-30 | 2012-01-24 | Fortinet, Inc. | Use of global intelligence to make local information classification decisions |
US20090077182A1 (en) * | 2007-09-17 | 2009-03-19 | Iconix, Inc | System and method for identifying email campaigns |
US7996475B2 (en) * | 2008-07-03 | 2011-08-09 | Barracuda Networks Inc | Facilitating transmission of email by checking email parameters with a database of well behaved senders |
US20100082758A1 (en) * | 2008-09-30 | 2010-04-01 | Tal Golan | Global email address reputation system |
US8170966B1 (en) * | 2008-11-04 | 2012-05-01 | Bitdefender IPR Management Ltd. | Dynamic streaming message clustering for rapid spam-wave detection |
US8434150B2 (en) * | 2011-03-24 | 2013-04-30 | Microsoft Corporation | Using social graphs to combat malicious attacks |
-
2010
- 2010-03-16 US US12/661,470 patent/US8522347B2/en active Active
-
2013
- 2013-08-14 US US13/967,210 patent/US9077671B2/en active Active
-
2015
- 2015-07-07 US US14/793,683 patent/US9672359B2/en not_active Expired - Fee Related
-
2017
- 2017-05-09 US US15/590,897 patent/US10089466B2/en active Active
-
2018
- 2018-09-26 US US16/143,207 patent/US10878092B2/en active Active
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070180526A1 (en) * | 2001-11-30 | 2007-08-02 | Lancope, Inc. | Flow-based detection of network intrusions |
US20050044418A1 (en) * | 2003-07-25 | 2005-02-24 | Gary Miliefsky | Proactive network security system to protect against hackers |
US20070277238A1 (en) * | 2003-10-10 | 2007-11-29 | Aladdin Knowledge Systems Ltd. | Method And System For Preventing Exploitation Of Email Messages |
US7519998B2 (en) * | 2004-07-28 | 2009-04-14 | Los Alamos National Security, Llc | Detection of malicious computer executables |
US7610344B2 (en) * | 2004-12-13 | 2009-10-27 | Microsoft Corporation | Sender reputations for spam prevention |
US20070107059A1 (en) * | 2004-12-21 | 2007-05-10 | Mxtn, Inc. | Trusted Communication Network |
US7854007B2 (en) * | 2005-05-05 | 2010-12-14 | Ironport Systems, Inc. | Identifying threats in electronic messages |
US7836133B2 (en) * | 2005-05-05 | 2010-11-16 | Ironport Systems, Inc. | Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources |
US20070078775A1 (en) * | 2005-09-14 | 2007-04-05 | Huapaya Luis M | System and method for preventing unauthorized use of digital works |
US7712132B1 (en) * | 2005-10-06 | 2010-05-04 | Ogilvie John W | Detecting surreptitious spyware |
US8069213B2 (en) * | 2006-04-05 | 2011-11-29 | Ironport Systems, Inc. | Method of controlling access to network resources using information in electronic mail messages |
US7779156B2 (en) * | 2007-01-24 | 2010-08-17 | Mcafee, Inc. | Reputation based load balancing |
US7958555B1 (en) * | 2007-09-28 | 2011-06-07 | Trend Micro Incorporated | Protecting computer users from online frauds |
US20090254529A1 (en) * | 2008-04-04 | 2009-10-08 | Lev Goldentouch | Systems, methods and computer program products for content management |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130332552A1 (en) * | 2005-06-16 | 2013-12-12 | Sonicwall, Inc. | Real-time network updates for malicious content |
US9077671B2 (en) * | 2005-06-16 | 2015-07-07 | Dell Software Inc. | Real-time network updates for malicious content |
US9672359B2 (en) | 2005-06-16 | 2017-06-06 | Sonicwall Inc. | Real-time network updates for malicious content |
US10089466B2 (en) | 2009-03-16 | 2018-10-02 | Sonicwall Inc. | Real-time network updates for malicious content |
US10878092B2 (en) | 2009-03-16 | 2020-12-29 | Sonicwall Inc. | Real-time network updates for malicious content |
US11429716B2 (en) * | 2019-11-26 | 2022-08-30 | Sap Se | Collaborative application security |
US11882112B2 (en) | 2021-05-26 | 2024-01-23 | Bank Of America Corporation | Information security system and method for phishing threat prevention using tokens |
Also Published As
Publication number | Publication date |
---|---|
US20190130109A1 (en) | 2019-05-02 |
US20110016527A1 (en) | 2011-01-20 |
US20170316207A1 (en) | 2017-11-02 |
US20130332552A1 (en) | 2013-12-12 |
US10089466B2 (en) | 2018-10-02 |
US10878092B2 (en) | 2020-12-29 |
US9672359B2 (en) | 2017-06-06 |
US20160026797A1 (en) | 2016-01-28 |
US9077671B2 (en) | 2015-07-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10878092B2 (en) | Real-time network updates for malicious content | |
US11552981B2 (en) | Message authenticity and risk assessment | |
US10326779B2 (en) | Reputation-based threat protection | |
Ramachandran et al. | Revealing botnet membership using dnsbl counter-intelligence. | |
EP2562976B1 (en) | Systems and Methods for Enhancing Electronic Communication Security | |
US9027135B1 (en) | Prospective client identification using malware attack detection | |
Cook et al. | Catching spam before it arrives: domain specific dynamic blacklists | |
CA2478299C (en) | Systems and methods for enhancing electronic communication security | |
Bass et al. | E-mail bombs and countermeasures: Cyber attacks on availability and brand integrity | |
JP2009515426A (en) | High reliability communication network | |
US20060075099A1 (en) | Automatic elimination of viruses and spam | |
Nagamalai et al. | An in-depth analysis of spam and spammers | |
Antonatos et al. | A systematic characterization of IM threats using honeypots | |
Moon et al. | Detection of botnets before activation: an enhanced honeypot system for intentional infection and behavioral observation of malware | |
US11392691B1 (en) | System and method of securing e-mail against phishing and ransomware attack | |
Goel et al. | Botnets: the anatomy of a case | |
Rathgeb et al. | The e-mail honeypot system concept, implementation and field test results | |
Ismail et al. | Image spam detection: problem and existing solution | |
St Sauver | Spam zombies and inbound flows to compromised customer systems | |
Kim | Privacy-preserving distributed, automated signature-based detection of new Internet worms | |
Khanna et al. | “IT” Infrastructure Protection From Malicious Codes and Malware Protection System using controlled environment | |
Bragin | Measurement study of the Web through a spam lens | |
Choi | Transactional behaviour based spam detection | |
Bencsáth et al. | Efficient Directory Harvest Attacks and Countermeasures. | |
Salomon et al. | Network security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SONICWALL, INC., CALIFORNIA Free format text: CHANGE OF NAME;ASSIGNOR:PSM MERGER SUB (DELAWARE), INC.;REEL/FRAME:024755/0091 Effective date: 20100723 Owner name: PSM MERGER SUB (DELAWARE), INC., CALIFORNIA Free format text: MERGER;ASSIGNOR:SONICWALL, INC.;REEL/FRAME:024755/0083 Effective date: 20100723 |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NEW YORK Free format text: PATENT SECURITY AGREEMENT (SECOND LIEN);ASSIGNORS:AVENTAIL LLC;SONICWALL, INC.;REEL/FRAME:024823/0280 Effective date: 20100723 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, NEW YORK Free format text: SECURITY AGREEMENT;ASSIGNORS:AVENTAIL LLC;SONICWALL, INC.;REEL/FRAME:024776/0337 Effective date: 20100723 |
|
AS | Assignment |
Owner name: SONICWALL, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YANOVSKY, BORIS;EIKENBERRY, SCOTT D.;RACHAMREDDY BHUVANASUNDAR;AND OTHERS;SIGNING DATES FROM 20100820 TO 20100923;REEL/FRAME:025062/0497 Owner name: SONICWALL, INC., CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YANOVSKY, BORIS;EIKENBERRY, SCOTT D.;RACHAM, BHUVAN;AND OTHERS;SIGNING DATES FROM 20100820 TO 20100923;REEL/FRAME:025062/0497 |
|
AS | Assignment |
Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN PATENTS RECORDED ON REEL/FRAME 024776/0337;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:028177/0115 Effective date: 20120508 Owner name: SONICWALL, INC., CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN PATENTS RECORDED ON REEL/FRAME 024823/0280;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:028177/0126 Effective date: 20120508 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN PATENTS RECORDED ON REEL/FRAME 024823/0280;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:028177/0126 Effective date: 20120508 Owner name: SONICWALL, INC., CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN PATENTS RECORDED ON REEL/FRAME 024776/0337;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:028177/0115 Effective date: 20120508 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: DELL SOFTWARE INC., TEXAS Free format text: MERGER;ASSIGNOR:SONICWALL L.L.C.;REEL/FRAME:037277/0775 Effective date: 20150408 Owner name: SONICWALL L.L.C., DELAWARE Free format text: CONVERSION AND NAME CHANGE;ASSIGNOR:SONICWALL, INC.;REEL/FRAME:037278/0867 Effective date: 20130123 |
|
AS | Assignment |
Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., AS NOTES COLLATERAL AGENT, TEXAS Free format text: SECURITY AGREEMENT;ASSIGNORS:AVENTAIL LLC;DELL PRODUCTS L.P.;DELL SOFTWARE INC.;REEL/FRAME:040039/0642 Effective date: 20160907 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NORTH CAROLINA Free format text: SECURITY AGREEMENT;ASSIGNORS:AVENTAIL LLC;DELL PRODUCTS, L.P.;DELL SOFTWARE INC.;REEL/FRAME:040030/0187 Effective date: 20160907 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLAT Free format text: SECURITY AGREEMENT;ASSIGNORS:AVENTAIL LLC;DELL PRODUCTS, L.P.;DELL SOFTWARE INC.;REEL/FRAME:040030/0187 Effective date: 20160907 Owner name: THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A., A Free format text: SECURITY AGREEMENT;ASSIGNORS:AVENTAIL LLC;DELL PRODUCTS L.P.;DELL SOFTWARE INC.;REEL/FRAME:040039/0642 Effective date: 20160907 |
|
AS | Assignment |
Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040039/0642);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A.;REEL/FRAME:040521/0016 Effective date: 20161031 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040039/0642);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A.;REEL/FRAME:040521/0016 Effective date: 20161031 Owner name: DELL PRODUCTS, L.P., TEXAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:040521/0467 Effective date: 20161031 Owner name: DELL SOFTWARE INC., CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:040521/0467 Effective date: 20161031 Owner name: DELL PRODUCTS L.P., TEXAS Free format text: RELEASE OF SECURITY INTEREST IN CERTAIN PATENTS PREVIOUSLY RECORDED AT REEL/FRAME (040039/0642);ASSIGNOR:THE BANK OF NEW YORK MELLON TRUST COMPANY, N.A.;REEL/FRAME:040521/0016 Effective date: 20161031 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:040521/0467 Effective date: 20161031 |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NEW YORK Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:DELL SOFTWARE INC.;REEL/FRAME:040581/0850 Effective date: 20161031 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLAT Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:DELL SOFTWARE INC.;REEL/FRAME:040581/0850 Effective date: 20161031 |
|
AS | Assignment |
Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NEW YORK Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:DELL SOFTWARE INC.;REEL/FRAME:040587/0624 Effective date: 20161031 Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLAT Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:DELL SOFTWARE INC.;REEL/FRAME:040587/0624 Effective date: 20161031 |
|
AS | Assignment |
Owner name: SONICWALL US HOLDINGS, INC., CALIFORNIA Free format text: INTELLECTUAL PROPERTY SECURITY AGREEMENT;ASSIGNOR:QUEST SOFTWARE INC.;REEL/FRAME:041073/0001 Effective date: 20161230 |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
AS | Assignment |
Owner name: SONICWALL US HOLDINGS INC., CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE THE NATURE OF CONVEYANCE PREVIOUSLY RECORDED AT REEL: 041073 FRAME: 0001. ASSIGNOR(S) HEREBY CONFIRMS THE INTELLECTUAL PROPERTY ASSIGNMENT.;ASSIGNOR:QUEST SOFTWARE INC.;REEL/FRAME:042168/0114 Effective date: 20161230 |
|
AS | Assignment |
Owner name: QUEST SOFTWARE INC. (F/K/A DELL SOFTWARE INC.), CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 040587 FRAME: 0624. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:044811/0598 Effective date: 20171114 Owner name: QUEST SOFTWARE INC. (F/K/A DELL SOFTWARE INC.), CA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 040587 FRAME: 0624. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:044811/0598 Effective date: 20171114 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE ASSIGNEE PREVIOUSLY RECORDED AT REEL: 040587 FRAME: 0624. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH;REEL/FRAME:044811/0598 Effective date: 20171114 |
|
AS | Assignment |
Owner name: QUEST SOFTWARE INC., DELAWARE Free format text: CHANGE OF NAME;ASSIGNOR:DELL SOFTWARE INC.;REEL/FRAME:045818/0566 Effective date: 20161101 |
|
AS | Assignment |
Owner name: QUEST SOFTWARE INC. (F/K/A DELL SOFTWARE INC.), CALIFORNIA Free format text: RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS RECORDED AT R/F 040581/0850;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT;REEL/FRAME:046211/0735 Effective date: 20180518 Owner name: QUEST SOFTWARE INC. (F/K/A DELL SOFTWARE INC.), CA Free format text: RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS RECORDED AT R/F 040581/0850;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT;REEL/FRAME:046211/0735 Effective date: 20180518 Owner name: AVENTAIL LLC, CALIFORNIA Free format text: RELEASE OF FIRST LIEN SECURITY INTEREST IN PATENTS RECORDED AT R/F 040581/0850;ASSIGNOR:CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT;REEL/FRAME:046211/0735 Effective date: 20180518 |
|
AS | Assignment |
Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONNECTICUT Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SONICWALL US HOLDINGS INC.;REEL/FRAME:046321/0414 Effective date: 20180518 Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONNECTICUT Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SONICWALL US HOLDINGS INC.;REEL/FRAME:046321/0393 Effective date: 20180518 Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONN Free format text: FIRST LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SONICWALL US HOLDINGS INC.;REEL/FRAME:046321/0414 Effective date: 20180518 Owner name: UBS AG, STAMFORD BRANCH, AS COLLATERAL AGENT, CONN Free format text: SECOND LIEN PATENT SECURITY AGREEMENT;ASSIGNOR:SONICWALL US HOLDINGS INC.;REEL/FRAME:046321/0393 Effective date: 20180518 |
|
AS | Assignment |
Owner name: SONICWALL INC., CALIFORNIA Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE INVENTOR'S NAME FROM BHUVAN RACHAM TO BHUVANASUNDAR RACHAMREDDY PREVIOUSLY RECORDED AT REEL: 025062 FRAME: 0497. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNORS:YANOVSKY, BORIS;EIKENBERRY, SCOTT D.;RACHAMREDDY, BHUVANASUNDAR;AND OTHERS;SIGNING DATES FROM 20100820 TO 20100923;REEL/FRAME:055317/0501 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FEPP | Fee payment procedure |
Free format text: 7.5 YR SURCHARGE - LATE PMT W/IN 6 MO, LARGE ENTITY (ORIGINAL EVENT CODE: M1555); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |